Building a cybersecurity strategy for growing companies (IDC Day 2022 - Tashkent)
•
0 likes•59 views
English-translated version of the presentation on IDC Day 2022 (Toshkent, Oʻzbekiston)
Recommended
Recommended
More Related Content
What's hot
What's hot (12)
Similar to Building a cybersecurity strategy for growing companies (IDC Day 2022 - Tashkent)
Similar to Building a cybersecurity strategy for growing companies (IDC Day 2022 - Tashkent) (20)
More from Vsevolod Shabad
More from Vsevolod Shabad (20)
Recently uploaded
Recently uploaded (20)
Building a cybersecurity strategy for growing companies (IDC Day 2022 - Tashkent)
- 1. Vsevolod Shabad vshabad@vshabad.com Building a cybersecurity strategy for growing companies
- 2. Brief professional career overview 2 www.linkedin.com/in/vshabad - a lot of details CIO, CISO at Global, Kazakhstan, and Russian companies CEO of small system integrator in Russia, system architect and project manager Network engineer, head of department Software developer 2018-2022 2000-2018 1993-2000 1985-1996
- 3. Which companies are we talking about? Adizes Organizational Lifecycle
- 4. What should be in a (sane) cybersecurity strategy? Cyber Risk management • What and from what we protect? • How do we classify the risks? • What are we doing to make the risks acceptable? Authority, resources, competency areas • Rights and responsibilities of the CISO • Rights and responsibilities of the CIO and CTO • Rights and responsibilities of business leaders Compromises made • What is more critical - confidentiality or availability? • What is more critical - performance or security? • ... Regulatory rules Nizhny Novgorod residents filmed a rat in the MUKKA restaurant, but the owner is sure it was planted. Marketers even provided video from cameras installed in the institution.
- 5. What (sometimes) the (non-well) strategies look like?
- 6. What (sometimes) the (non-well) strategies look like? Источник: https://bestyrelsesforeningen.dk/wp-content/uploads/2020/07/CISO-Mind-Map.pdf
- 7. (Sane) limiting the number of cybersecurity initiatives ● First phase: ○ Assets and services inventory ○ Acceptable Use Policy design ● Second phase: ○ Vulnerability management policies and procedures design ○ Vulnerability management automation ● …
- 8. Some parts of a real sane cybersecurity strategy ● Company – US-based software vendor ● The most important asset to protect – the company’s reputation ● Key threat – malware spread via software distributive image ● Key vulnerable surfaces: ○ 3rd party libraries and components ○ own source code (for instance, buffer overflow)) ○ Docker repository (image substitution) ● One of the compromises – the opportunity to publish the release with open critical vulnerabilities, if: ○ list of all known open critical vulnerabilities published in the documentation set ○ CTO signed this list and explicitly took personal responsibility for them ○ all key customers are informed about these vulnerabilities two weeks before the release date
- 9. How a (sane) cybersecurity strategy helps business grow ● Income increase: ○ penetrating new markets requiring a high level of trust ○ increasing staff productivity (removing unnecessary restrictions) ○ premium services for customers (priority fix for security issues) ● Cost decrease: ○ downtime for new hires until access is granted ○ high cost of purchased enterprise-class laptops ○ purchased cybersecurity tools that are not actually used
- 10. The economy of Uzbekistan is booming… -4 -2 0 2 4 6 8 2017 2018 2019 2020 2021 Annual Gross Domestic Product growth, % Kazakhstan Russia Uzbekistan Source: https://datatopics.worldbank.org/world-development-indicators/themes/economy.html
- 11. I'll be glad to contribute! ● Development and updating of the cybersecurity strategy ● Development and improvement of IT and Cybersecurity processes ● Preparation for ISMS certification vshabad@vshabad.com +7 777 726 4790